
Originally Posted by Dioxide
Okay, to make sure you understand, I'll explain it to you.
Upon registration, the script inserts 3 values into the database: Username, Password, SaltPassword. The Username remains in plaintext, while the Password gets MD5 encrypted with your SaltPassword. The Salt is random and is generated in the PHP script.
ex.
Username: Player
Password: p4ssw0rd
SaltPassword: ad3F7we91
When you press the Register button, your password gets encrypted (alone):
p4ssw0rd in MD5 Hash is 2a9d119df47ff993b662a8ef36f9ea20
Then, when the first encryption is done, it does it again, but this time it puts the SaltPass at the end of the generated MD5 Hash before encrypting it:
2a9d119df47ff993b662a8ef36f9ea20ad3F7we91
And what you get from that is what it inserts into the database.
Then to log in, you just enter your password in plain-text and it will accept it.
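
The scheme described in the post, written out in PHP beside PHP's built-in `password_hash()`/`password_verify()`, as an added example that is not part of the original post or the script it describes. The function names, the row layout and the use of `random_bytes()` for the salt are assumptions; the post only says the salt is random.

```php
<?php
// Scheme as described in the post: md5( md5(password) . salt ).
function legacy_hash(string $password, string $salt): string {
    return md5(md5($password) . $salt);
}

function legacy_register(string $username, string $password): array {
    // Assumption: per-user salt from a CSPRNG (the post only says "random").
    $salt = bin2hex(random_bytes(8));
    return ['Username' => $username,
            'Password' => legacy_hash($password, $salt),
            'SaltPassword' => $salt];
}

function legacy_verify(array $row, string $password): bool {
    // Recompute with the stored salt; hash_equals() compares in constant time.
    return hash_equals($row['Password'], legacy_hash($password, $row['SaltPassword']));
}

// Hardened form: password_hash() generates the salt itself, embeds it in the
// returned string and uses a deliberately slow algorithm. MD5 is fast, so a
// leaked Password/SaltPassword pair can be guessed offline at high speed.
function register(string $username, string $password): array {
    return ['Username' => $username,
            'Password' => password_hash($password, PASSWORD_DEFAULT)];
}

function verify(array $row, string $password): bool {
    return password_verify($password, $row['Password']);
}

// Migration: legacy rows are re-hashed at the next successful login, the only
// moment the plaintext is available. Returns the row to store, or null.
function login_and_upgrade(array $row, string $password): ?array {
    if (isset($row['SaltPassword'])) {
        return legacy_verify($row, $password)
            ? register($row['Username'], $password)
            : null;
    }
    return verify($row, $password) ? $row : null;
}

// Constructed sample account, using the username and password from the post.
$old = legacy_register('Player', 'p4ssw0rd');
$new = login_and_upgrade($old, 'p4ssw0rd');
var_dump(legacy_verify($old, 'p4ssw0rd'), legacy_verify($old, 'wrong'));
var_dump($new !== null && verify($new, 'p4ssw0rd'), isset($new['SaltPassword']));
```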